Data breach reported in Agorà app used by Cypriot MEP Fidias Panayiotou

An independent security audit, verified by CIReN, has revealed a critical data breach in the Agorà application used by Cypriot MEP Fidias Panayiotou and his party, Direct Democracy Cyprus. The breach concerns the personal information of 39,937 users, including birth dates, gender, phone numbers, and email addresses. For candidates participating in internal party processes, additional data such as full names, residential cities, and profile photos were exposed. The vulnerability, identified by an anonymous cybersecurity researcher, stems from unprotected endpoints in the application's API. The researcher reported the findings to both the Data Protection Commissioner, Maria Christofidou, and Fidias Panayiotou last Thursday. Reports indicate that Panayiotou has not notified the commissioner or the affected users within the 72-hour window required by the EU's General Data Protection Regulation (GDPR). The application serves as a platform for users to vote on political positions within the party.